Re: [PATCH v2 1/3] nvmem: core: improve range check for nvmem_cell_write()

[Jennifer Berringer]

On 10/29/24 13:55, Srinivas Kandagatla wrote:
> if (!nvmem || nvmem->read_only || len != cell->bytes)
>     return -EINVAL;
> 
> Does this work?
> 
> --srini

I decided against this because it seems potentially useful to allow len to be less than cell->bytes when bit_offset is nonzero. I assumed that was the purpose of the original "cell->bit_offset == 0".

For example, if a cell entry has the following field values
    { .bit_offset = 4, .nbits = 8, .bytes = 2, ...}
then it would make sense to call nvmem_cell_write() with len=1 in order to write 8 bits. To allow that, I used "len > cell->bytes" instead of "!=" later in this function:

>> @@ -1780,9 +1779,13 @@ static int __nvmem_cell_entry_write(struct nvmem_cell_entry *cell, void *buf, si
>>           return -EINVAL;
>>         if (cell->bit_offset || cell->nbits) {
>> +        if (len > cell->bytes)
>> +            return -EINVAL;
>>           buf = nvmem_cell_prepare_write_buffer(cell, buf, len);
>>           if (IS_ERR(buf))
>>               return PTR_ERR(buf);
>> +    } else if (len != cell->bytes) {
>> +        return -EINVAL;
>>       }

If you disagree with my reasoning then yes, your suggestion works and I can use that instead of what I wrote. None of the current in-tree callers of this function rely on that possibility I described.

Thank you for the feedback.

-Jennifer